Mandrake Linux Security Advisory : MySQL (MDKSA-2002:087)

high Nessus Plugin ID 13985

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

Stefan Esser discovered two vulnerabilities in all versions of MySQL prior to 3.23.53a and 4.0.5a. The first can be used by any valid MySQL user to crash the MySQL server; the other allows anyone to bypass the MySQL password check or execute arbitrary code with the privileges of the user running mysqld. Another two vulnerabilities were found: one an arbitrary-size heap overflow in the mysql client library, and another that allows one to write '\0' to any memory address. Both of these flaws could allow DoS attacks or arbitrary code execution within anything linked against libmysqlclient.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?3b0e0138

Plugin Details

Severity: High

ID: 13985

File Name: mandrake_MDKSA-2002-087.nasl

Version: 1.19

Type: local

Published: 7/31/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:mysql-client, p-cpe:/a:mandriva:linux:mysql-devel, p-cpe:/a:mandriva:linux:mysql-shared, p-cpe:/a:mandriva:linux:libmysql10, p-cpe:/a:mandriva:linux:libmysql10-devel, cpe:/o:mandrakesoft:mandrake_linux:7.2, cpe:/o:mandrakesoft:mandrake_linux:8.0, p-cpe:/a:mandriva:linux:mysql, p-cpe:/a:mandriva:linux:mysql-max, p-cpe:/a:mandriva:linux:mysql-bench, cpe:/o:mandrakesoft:mandrake_linux:8.1, cpe:/o:mandrakesoft:mandrake_linux:8.2, cpe:/o:mandrakesoft:mandrake_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 12/18/2002

Reference Information

CVE: CVE-2002-1373, CVE-2002-1374, CVE-2002-1375, CVE-2002-1376

MDKSA: 2002:087